DDoS attack on Dyn could have been prevented

It didn’t have to happen.
Last month’s massive distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) service provider Dyn, which used a botnet of thousands of Internet of Things (IoT) devices to disrupt dozens of major websites including Twitter, Spotify, PayPal, GitHub, CNN.com and the New York Times, could “easily” have been prevented.
That contention comes from the Online Trust Association (OTA), creator of what it calls the "IoT Trust Framework